254e47a1770ad9ef68e93028f5fe955be097c89e9bf0710b17667d6cb92fad3a

Sharing

Copy URL Twitter E-mail

General

Target

254e47a1770ad9ef68e93028f5fe955be097c89e9bf0710b17667d6cb92fad3a
Size

5.0MB
MD5

0a1f2e88385100209f0c1b0952fd2927
SHA1

54019482fc3c876d24613812298ffadee83084e3
SHA256

254e47a1770ad9ef68e93028f5fe955be097c89e9bf0710b17667d6cb92fad3a
SHA512

80a0fd6a63f90872e01a51fa32a929be25e62c1f6e28b160ce6abe5381567340feee33de340de9addc53d2910ff89332349b278f81f49214304c45e4461bd4a6
SSDEEP

98304:l/z8cEAFTlhpfeV3vdsrBBwZe5uxOS1KZY5siyWkTE4rH:e5KTLcV3KrXuegxOSAZY5ryvE8H

Score

1^/10

Malware Config

Signatures

Files

254e47a1770ad9ef68e93028f5fe955be097c89e9bf0710b17667d6cb92fad3a
.exe windows:4 windows x86 arch:x86

ab193ca1959c956a8974bd0b40b18cfe

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:01:c3:ff:88:55:f0:08:c8:e4:fa:63:97:32:52:e6
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2019, 00:00

Not After

30/03/2022, 12:00

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b9:14:f4:75:ba:6f:ac:ea:57:5d:b5:25:12:5c:7a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2019, 00:00

Not After

30/03/2022, 12:00

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:de:f1:38:82:d2:72:13:eb:03:15:cd:cf:2c:b5:af:23:26:d7:57:03:9b:0a:e9:fd:ed:c4:ff:a0:f6:e4:25
Signer

Actual PE Digest

80:de:f1:38:82:d2:72:13:eb:03:15:cd:cf:2c:b5:af:23:26:d7:57:03:9b:0a:e9:fd:ed:c4:ff:a0:f6:e4:25

Digest Algorithm

sha256

PE Digest Matches

true

f9:bd:f6:82:12:15:b6:4e:ac:82:cc:4f:9b:9a:f2:b5:9f:87:8e:dc
Signer

Actual PE Digest

f9:bd:f6:82:12:15:b6:4e:ac:82:cc:4f:9b:9a:f2:b5:9f:87:8e:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sourcecode\drawpad\release\Drawpad.pdb

Imports

imm32

ImmGetCompositionStringW
ImmGetVirtualKey
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmNotifyIME

kernel32

GlobalHandle
GetCurrentProcessId
GetDiskFreeSpaceExW
GetComputerNameW
CreateMutexW
GetCommandLineW
ProcessIdToSessionId
GlobalUnlock
GetModuleHandleW
GetFileTime
GetTimeZoneInformation
ConnectNamedPipe
GlobalLock
RtlCaptureContext
ReadProcessMemory
SystemTimeToTzSpecificLocalTime
CreateToolhelp32Snapshot
SetEndOfFile
LocalAlloc
GetEnvironmentVariableW
CreateThread
CancelIo
GlobalAlloc
ReleaseMutex
HeapFree
GetPrivateProfileSectionNamesW
TerminateProcess
LoadResource
GetModuleFileNameW
FormatMessageW
Process32NextW
CreateFileMappingW
GetSystemTime
GetCurrentDirectoryA
GetProcessHeap
CreatePipe
LockResource
WaitNamedPipeW
WaitForMultipleObjects
FreeResource
ExitProcess
GetPrivateProfileStringW
QueryPerformanceCounter
DuplicateHandle
QueryPerformanceFrequency
SetEnvironmentVariableW
LoadLibraryW
LoadLibraryExW
VirtualQuery
PeekNamedPipe
Process32FirstW
GetExitCodeProcess
SetUnhandledExceptionFilter
RemoveDirectoryW
SizeofResource
OpenFileMappingW
GetCurrentThread
GetDriveTypeW
GetProcAddress
WaitForSingleObject
CreateEventW
lstrlenA
SetEnvironmentVariableA
CompareStringW
UnmapViewOfFile
MoveFileExW
LocalFree
GetModuleFileNameA
GetThreadContext
SetFileAttributesW
GetShortPathNameW
GetCPInfo
lstrcpyW
SetFilePointer
GetThreadPriority
CreateNamedPipeW
ResumeThread
SetLastError
GetStdHandle
GetFileAttributesA
HeapAlloc
GetPrivateProfileIntW
GetACP
FileTimeToLocalFileTime
SetCurrentDirectoryW
GetStartupInfoW
FileTimeToSystemTime
GlobalSize
FindResourceW
MapViewOfFile
SuspendThread
GetEnvironmentVariableA
GetOverlappedResult
SetThreadPriority
GetTickCount
GetCurrentProcess
MulDiv
FreeLibrary
InterlockedExchangeAdd
GlobalFree
DeleteCriticalSection
ResetEvent
GetFileSizeEx
GetLocaleInfoW
GetSystemInfo
GetFileAttributesW
GetVersionExA
GetTempPathW
GlobalMemoryStatusEx
InterlockedIncrement
DeleteFileW
FlushFileBuffers
InterlockedExchange
MultiByteToWideChar
CopyFileW
CloseHandle
SetEvent
ReadFile
Sleep
EnterCriticalSection
WideCharToMultiByte
GetCurrentThreadId
InterlockedDecrement
FindNextFileW
FindClose
LeaveCriticalSection
VerifyVersionInfoW
CreateProcessW
LoadLibraryA
CreateDirectoryW
GetVersionExW
WriteFile
SetFilePointerEx
OpenProcess
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
VerSetConditionMask
GetLastError
CreateFileW
DisconnectNamedPipe
FindFirstFileW
InitializeCriticalSection
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP

advapi32

RegQueryValueExW
CryptDestroyHash
FreeSid
RegDeleteValueW
CryptDeriveKey
CryptEncrypt
SetSecurityDescriptorDacl
InitializeSid
CryptHashData
CryptDuplicateKey
CryptCreateHash
GetSidLengthRequired
RegEnumKeyExW
GetUserNameW
AddAccessAllowedAce
CryptImportKey
RegSetKeySecurity
CryptSetKeyParam
RegDeleteKeyW
CheckTokenMembership
RegCloseKey
RegEnumValueW
RegSetValueExW
RegOpenKeyW
CryptGetKeyParam
CryptDestroyKey
CryptDecrypt
OpenProcessToken
DuplicateTokenEx
RegQueryInfoKeyW
SetFileSecurityW
InitializeAcl
InitializeSecurityDescriptor
CryptAcquireContextW
RegEnumKeyW
RegOpenKeyExW
AllocateAndInitializeSid
GetAce
GetSidSubAuthority
CryptReleaseContext
RegCreateKeyExW

comctl32

ord17
CreatePropertySheetPageW
_TrackMouseEvent
PropertySheetW
InitCommonControlsEx
ImageList_DragEnter
ImageList_Merge
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_ReplaceIcon
ImageList_DragLeave
ImageList_DragMove
ImageList_Destroy
ImageList_GetIcon
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageInfo

comdlg32

GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
CommDlgExtendedError

gdi32

CreateSolidBrush
StartPage
EndDoc
TextOutW
EndPage
CreateFontIndirectW
SelectObject
SetBkMode
GetTextMetricsA
CreatePen
MoveToEx
CreateFontW
GetTextMetricsW
CreateRectRgnIndirect
SetTextColor
CreateBrushIndirect
CreateDIBSection
SetStretchBltMode
SetDIBits
EnumFontFamiliesExW
GetWindowExtEx
CreateRectRgn
BitBlt
SetDIBitsToDevice
SetBitmapBits
ExtTextOutW
CreateBitmap
SetDCBrushColor
Polygon
GetTextCharset
DeleteDC
GetFontData
GetGlyphOutlineW
Polyline
SetWindowExtEx
GetBkMode
GetClipBox
GetBitmapBits
CreateDIBitmap
PolyPolyline
GetTextAlign
CombineRgn
GetObjectA
StretchBlt
GetDIBits
CreatePatternBrush
SetPixel
GetTextExtentPoint32W
CreateDCW
SetTextAlign
GetOutlineTextMetricsW
SetBrushOrgEx
CreateCompatibleDC
GetGlyphIndicesW
GetViewportExtEx
SetBkColor
DeleteObject
SetViewportExtEx
GetStockObject
GetDeviceCaps
StartDocW
GetObjectW
CreateCompatibleBitmap
LineTo
GetCurrentObject

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoInitializeSecurity
CoInitialize

oleaut32

SysAllocString
OleLoadPicturePath
SafeArrayGetElement
SafeArrayGetUBound
SysFreeString
VariantInit
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear

shell32

DragFinish
ShellExecuteExW
DragQueryFileW
SHGetFolderPathW
SHChangeNotify
SHGetDesktopFolder
SHEmptyRecycleBinW
DragAcceptFiles
SHGetMalloc
ord155
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteW
ord680
SHCreateShellItem
SHParseDisplayName
SHBrowseForFolderW
ShellExecuteA

shlwapi

PathRelativePathToW
PathCompactPathExW
SHDeleteKeyW
SHDeleteEmptyKeyW
StrCmpLogicalW

user32

SystemParametersInfoW
ScrollWindowEx
IsZoomed
EnableWindow
GetClassNameW
GetDlgItem
GetFocus
UpdateWindow
SetTimer
MapWindowPoints
GetDesktopWindow
TrackPopupMenu
CheckDlgButton
AppendMenuW
GetScrollBarInfo
FillRect
CharLowerW
WaitForInputIdle
GetCapture
DefWindowProcW
ReleaseCapture
KillTimer
DeleteMenu
SetMenuItemBitmaps
DrawTextW
GetScrollInfo
GetMessageExtraInfo
GetDlgItemInt
GetCursor
IsWindowEnabled
VkKeyScanW
DestroyWindow
GetClientRect
UnhookWindowsHookEx
GetCursorInfo
GetWindowTextLengthW
SendDlgItemMessageW
SetPropW
LoadImageW
CreateIconIndirect
ShowScrollBar
IsDialogMessageW
RegisterClipboardFormatW
EnumWindows
WindowFromDC
WindowFromPoint
InvalidateRgn
FindWindowExW
GetMenuBarInfo
SetClipboardData
AllowSetForegroundWindow
InsertMenuW
SetLayeredWindowAttributes
GetKeyNameTextW
DrawTextExW
EnumDisplaySettingsW
SetForegroundWindow
GetClassNameA
GetUpdateRect
GetIconInfo
CheckMenuItem
OffsetRect
EnumDisplayDevicesW
GetMenuInfo
GetDialogBaseUnits
EnumDisplayMonitors
EndMenu
ModifyMenuW
EnableMenuItem
MapDialogRect
CallWindowProcW
CreateDialogParamW
CallNextHookEx
PostQuitMessage
PeekMessageW
DrawIconEx
GetMonitorInfoW
GetPriorityClipboardFormat
GetMenuItemCount
GetMenuItemInfoW
IsClipboardFormatAvailable
GetSysColorBrush
ReleaseDC
GetDlgItemTextW
DispatchMessageW
InsertMenuItemW
MapVirtualKeyW
GetClassInfoW
RemovePropW
CountClipboardFormats
EnumChildWindows
AdjustWindowRectEx
GetAncestor
LoadIconW
ChildWindowFromPoint
TranslateMessage
GetClipboardData
UnregisterClassW
DrawFocusRect
GetSubMenu
SetMenuInfo
keybd_event
RemoveMenu
MonitorFromPoint
MonitorFromRect
ValidateRect
GetComboBoxInfo
GetWindow
MsgWaitForMultipleObjects
CopyImage
FindWindowW
SetWindowPlacement
InflateRect
ClientToScreen
DrawEdge
SetActiveWindow
GetNextDlgGroupItem
GetWindowTextW
IsCharAlphaW
GetWindowThreadProcessId
SetMenuItemInfoW
EqualRect
LoadStringW
GetKeyboardState
GetMessageW
MonitorFromWindow
FlashWindowEx
GetDlgCtrlID
EndDialog
wsprintfW
AttachThreadInput
DialogBoxIndirectParamW
PtInRect
BeginPaint
InvalidateRect
DialogBoxParamW
FrameRect
LoadCursorW
SetDlgItemTextW
SetWindowTextW
ShowWindow
IsIconic
GetAsyncKeyState
EmptyClipboard
GetSysColor
CreateWindowExW
DestroyMenu
EndPaint
GetDC
CreateDialogIndirectParamW
DestroyIcon
MessageBoxW
DestroyCursor
SetWindowLongW
GetKeyState
MoveWindow
PostMessageW
RegisterClassW
SetMenu
SetCursor
IsDlgButtonChecked
GetActiveWindow
SendMessageW
GetPropW
SetWindowPos
CreatePopupMenu
GetSystemMetrics
GetParent
SetClassLongW
RedrawWindow
IsWindow
SetWindowsHookExW
GetWindowDC
SetCapture
GetMenu
SetFocus
SendInput
GetWindowPlacement
IsWindowVisible
OpenClipboard
SetScrollInfo
DrawStateW
CloseClipboard
GetForegroundWindow
GetWindowRect
ScreenToClient
GetWindowLongW

ws2_32

WSAStartup
select
WSAGetLastError
__WSAFDIsSet
htons
send
setsockopt
gethostname
socket
gethostbyaddr
gethostbyname
closesocket
ntohs
connect
recv
ioctlsocket
inet_addr

winspool.drv

OpenPrinterW

netapi32

NetUserGetInfo
NetApiBufferFree

gdiplus

GdipGetImageHeight
GdipDeletePen
GdipDrawLine
GdipMultiplyWorldTransform
GdipFillEllipse
GdipGetPropertyCount
GdipImageGetFrameDimensionsCount
GdipScaleWorldTransform
GdipAddPathPath
GdipCreateMatrix2
GdipSetTextRenderingHint
GdipImageRotateFlip
GdipSetStringFormatHotkeyPrefix
GdipCreateBitmapFromHICON
GdipCreateStringFormat
GdipGetFontCollectionFamilyList
GdipGetPenWidth
GdipSetPathGradientCenterColor
GdipSetPathGradientPresetBlend
GdipDrawImageI
GdipSetPathGradientWrapMode
GdipSetStringFormatTrimming
GdipSetPenLineCap197819
GdipFillPath
GdipReleaseDC
GdipGetCellAscent
GdipCreateCachedBitmap
GdipGetPenDashStyle
GdipSetInterpolationMode
GdipSetPathGradientCenterPoint
GdipGetClip
GdipRotateMatrix
GdipSetTextureTransform
GdipDrawCachedBitmap
GdipDeleteStringFormat
GdipSetPenStartCap
GdipCreateBitmapFromScan0
GdipTranslateMatrix
GdipDisposeImageAttributes
GdipIsOutlineVisiblePathPoint
GdipDeleteGraphics
GdipStringFormatGetGenericTypographic
GdipCreateImageAttributes
GdipSetPathGradientTransform
GdipSetPenColor
GdipSetPenLineJoin
GdipGetImageEncodersSize
GdipGetCellDescent
GdipSetPenDashOffset
GdipCreateFontFromLogfontA
GdipMeasureString
GdipCreateTexture
GdipSetPenDashArray
GdipGetPathGradientPointCount
GdipSetLineWrapMode
GdipGetPenLineJoin
GdipGetFamilyName
GdipSetMatrixElements
GdipSetStringFormatLineAlign
GdipSetLinePresetBlend
GdipGetFontStyle
GdipGetImageEncoders
GdipCloneStringFormat
GdipCreatePathGradientFromPath
GdipGetFamily
GdipGetImageGraphicsContext
GdipSetClipRegion
GdipGetDC
GdipCreateTextureIAI
GdipSetPathGradientSurroundColorsWithCount
GdipSetPenWidth
GdipCreateFontFromDC
GdipSetLineTransform
GdipBitmapSetResolution
GdipNewInstalledFontCollection
GdiplusShutdown
GdipAddPathStringI
GdipSetImageAttributesWrapMode
GdipCreateRegionPath
GdipFlattenPath
GdipCreateLineBrush
GdipWidenPath
GdipAddPathString
GdipSetPenEndCap
GdiplusStartup
GdipGetFontCollectionFamilyCount
GdipGetFontSize
GdipRotateTextureTransform
GdipGetPenStartCap
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetPenMiterLimit
GdipCreateRegion
GdipDeleteCachedBitmap
GdipCombineRegionPath
GdipGetStringFormatFlags
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipSetWorldTransform
GdipSetPenDashCap197819
GdipCloneFontFamily
GdipSetPenDashStyle
GdipCreateBitmapFromHBITMAP
GdipDrawImageRect
GdipDrawImageRectRect
GdipGetEmHeight
GdipGetPenMiterLimit
GdipGetPenEndCap
GdipIsVisiblePathPoint
GdipGetPointCount
GdipSetSolidFillColor
GdipGetGenericFontFamilySansSerif
GdipSaveImageToStream
GdipGetImageVerticalResolution
GdipDeleteBrush
GdipClonePath
GdipAddPathArc
GdipDeleteFontFamily
GdipCreatePen2
GdipCreateRegionRect
GdipCreateFontFamilyFromName
GdipDeleteRegion
GdipAddPathLine2
GdipCloneImage
GdipGetPropertyItem
GdipSetPathFillMode
GdipCreateBitmapFromStream
GdipReversePath
GdipResetClip
GdipDrawString
GdipGraphicsClear
GdipGetPropertyItemSize
GdipCreateFont
GdipCreatePen1
GdipCreateMatrix
GdipGetImageHorizontalResolution
GdipAddPathBezier
GdipImageGetFrameDimensionsList
GdipAddPathLine
GdipGetImagePixelFormat
GdipCloneBrush
GdipSetPixelOffsetMode
GdipAddPathEllipse
GdipDrawEllipse
GdipResetPath
GdipWindingModeOutline
GdipGetImageWidth
GdipGetMatrixElements
GdipCreatePath
GdipImageGetFrameCount
GdipTransformPath
GdipDisposeImage
GdipDeleteMatrix
GdipDrawRectangle
GdipGetPathLastPoint
GdipRemovePropertyItem
GdipGetPathTypes
GdipDeletePath
GdipSetPageUnit
GdipStartPathFigure
GdipFillRectangle
GdipImageSelectActiveFrame
GdipAddPathRectangle
GdipGetPathPoints
GdipResetWorldTransform
GdipClosePathFigure
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawPath
GdipSetSmoothingMode
GdipSetCompositingMode
GdipBitmapUnlockBits
GdipGetPathWorldBounds
GdipGetWorldTransform
GdipAddPathBeziers
GdipGetPropertyIdList
GdipDeleteFont
GdipBitmapLockBits
GdipGetPathFillMode
GdipCreateSolidFill

msimg32

GradientFill
AlphaBlend

iphlpapi

GetAdaptersAddresses
GetIpAddrTable

wininet

InternetAutodialHangup
InternetGetConnectedState
InternetQueryOptionA
InternetAutodial

dnsapi

DnsQuery_W
DnsRecordListFree

secur32

DecryptMessage
EncryptMessage
AcquireCredentialsHandleW
FreeContextBuffer
ApplyControlToken
FreeCredentialsHandle
InitializeSecurityContextW
DeleteSecurityContext
QueryContextAttributesW

crypt32

CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CryptQueryObject

wintrust

WinVerifyTrust

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab193ca1959c956a8974bd0b40b18cfe

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0a:01:c3:ff:88:55:f0:08:c8:e4:fa:63:97:32:52:e6Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

07:b9:14:f4:75:ba:6f:ac:ea:57:5d:b5:25:12:5c:7aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

80:de:f1:38:82:d2:72:13:eb:03:15:cd:cf:2c:b5:af:23:26:d7:57:03:9b:0a:e9:fd:ed:c4:ff:a0:f6:e4:25Signer

f9:bd:f6:82:12:15:b6:4e:ac:82:cc:4f:9b:9a:f2:b5:9f:87:8e:dcSigner

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

advapi32

comctl32

comdlg32

gdi32

ole32

oleaut32

shell32

shlwapi

user32

ws2_32

winspool.drv

netapi32

gdiplus

msimg32

iphlpapi

wininet

dnsapi

secur32

crypt32

wintrust

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 508KB - Virtual size: 508KB

.data Size: 43KB - Virtual size: 60KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0a:01:c3:ff:88:55:f0:08:c8:e4:fa:63:97:32:52:e6
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

07:b9:14:f4:75:ba:6f:ac:ea:57:5d:b5:25:12:5c:7a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

80:de:f1:38:82:d2:72:13:eb:03:15:cd:cf:2c:b5:af:23:26:d7:57:03:9b:0a:e9:fd:ed:c4:ff:a0:f6:e4:25
Signer

f9:bd:f6:82:12:15:b6:4e:ac:82:cc:4f:9b:9a:f2:b5:9f:87:8e:dc
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 508KB - Virtual size: 508KB

.data
Size: 43KB - Virtual size: 60KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB